It is no longer possible to specify gc_expir_time with a time lower
than its default value (65000 msecs). This is to avoid running
peer_gc() earlier than 1 minute [well, 65 s actually] in the future,
which would otherwise render anti-spoof protection in SPA mode
non-functional.

- $Id$ in a comment is pointless.
- remove unneeded/commented-out includes.
- remove warning messages on allocation failure
  (if that happens it is almost too late anyway;
  not wanting to spam the logs)
- remove warning messages about unhandled packets
  (attacker filling up logs)

Kbuild would install the .ko module files relative to their source
directory, i.e.

    extensions/xt_quota.ko
        -> /lib/modules/%/extra/xt_quota.ko
    extensions/ACCOUNT/xt_ACCOUNT.ko
        -> /lib/modules/%/extra/ACCOUNT/xt_ACCOUNT.ko

Add a hack to Makefile.am so that it all goes into extra/ only,
without any further subdirectories created. This is strictly a hack
as it pokes with Kbuild internals.
Putting the ext-mod-dir override into extensions/Kbuild would not do,
it is overridden by $linux/scripts/Makefile.modinst, so a higher
priority override is needed (make command line by means of
Makefile.am invoking make).

First, there is a memory leak - when the crypto functions fail,
hexresult was not freed. Second, in that error case, the return value
is simply passed up to the caller, ignoring the different meanings of
0 and 1 between crypto and pknock.

Some functions like the crypto init or proc_mkdir do not return an
error value. Replace the -1, which is actually EPERM, and looks a
little out of place, and use ENXIO instead. (After all, the requested
objects were not there after the request of initialization.)

Since pr_debug depends on #if DEBUG anyway, there is no need to
contain DEBUGP/pk_debug within a further if. Rename from DEBUGP to
pk_debug, because DEBUGP is flagged by Xtables-addons (and that is a
good thing, because often DEBUGPs should have been pr_debug instead).

The printk calls were protected using #if DEBUG anyway, so they can
just be changed to pr_debug. pr_debug also depends on #if DEBUG, and
takes care of the module prefix.

If DEBUG was not defined, and no rule was effectively found, the
"rule" variable may still be non-NULL, and possibly cause deletion.
Therefore, always check for the rule having been found.
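
The stale-cursor problem described in the last fix above, shown as an added example that is not pknock's own code: a userspace model of a list lookup whose cursor is tested for NULL instead of tracking whether a match was found. struct rule, rule_put(), check_found and the two sample rules are constructed for illustration, and dropping a reference through the stale pointer is an assumed consequence chosen to make the effect visible.

```c
#include <stddef.h>
#include <string.h>

/* Userspace stand-in for a kernel-style circular list (constructed). */
struct list_head { struct list_head *next, *prev; };
struct rule { struct list_head head; const char *name; int ref_count; };
#define rule_entry(p) ((struct rule *)((char *)(p) - offsetof(struct rule, head)))

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}

/* Drop one reference to the rule called name and unlink it at zero.
 * check_found == 0 models the "before" code (NULL test only). */
static int rule_put(struct list_head *h, const char *name, int check_found)
{
    struct list_head *pos;
    struct rule *rule = NULL;
    int found = 0;
    for (pos = h->next; pos != h && !found; pos = pos->next) {
        rule = rule_entry(pos);   /* cursor is overwritten on every pass */
        found = strcmp(rule->name, name) == 0;
    }
    /* After a miss, rule is the last entry visited, not NULL. */
    if (check_found ? !found : rule == NULL)
        return 0;
    if (--rule->ref_count > 0)
        return 0;
    rule->head.prev->next = rule->head.next;
    rule->head.next->prev = rule->head.prev;
    return 1;                     /* an entry was unlinked */
}

/* Constructed scenario: two rules, one put; returns rules still linked. */
static int remaining_after_put(const char *name, int check_found)
{
    struct list_head h = { &h, &h }, *pos;
    struct rule a = { { NULL, NULL }, "ssh", 1 }, b = { { NULL, NULL }, "web", 1 };
    int n = 0;
    list_add_tail(&a.head, &h);
    list_add_tail(&b.head, &h);
    rule_put(&h, name, check_found);
    for (pos = h.next; pos != &h; pos = pos->next)
        n++;
    return n;
}
int main(void) { return remaining_after_put("absent", 1) == 2 ? 0 : 1; }
```

With the NULL test alone, a put for a name that is not in the list unlinks the unrelated last entry; with the found flag the list is left untouched.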